
Nmap Development mailing list archives

Re: nmap snmp scanning
From: Kent Hundley <khundley () opnet com>
Date: Mon, 05 Dec 2011 11:58:42 -0500


Thanks for your response, but this doesn't seem to resolve my issue. If I run that command, it will tell me that the SNMP port is open, but it doesn't tell me which of the available SNMP strings a given device is using (I have 3 possible strings in community.lst).

The command and output are below. I tried putting the community.lst file in the same dir as the nmap exe as well as in the nselib/data dir where the other lst files are located. Interestingly, I get the exact same response if I put a single bogus entry in the community.lst file or even if I run the command without the snmp-brute option at all. It's as if nmap is not reading the community file at all.

D:\Program Files (x86)\Nmap>nmap -sU -p161 --script snmp-brute --script-args snmplist=community.lst 10.x.y.z

Starting Nmap 5.51 ( http://nmap.org ) at 2011-12-05 16:46 GMT Standard Time
Nmap scan report for 10.x.y.z
Host is up (0.80s latency).
161/udp open  snmp

Nmap done: 1 IP address (1 host up) scanned in 8.52 seconds


On 12/1/2011 9:51 PM, David Fifield wrote:
On Tue, Nov 29, 2011 at 07:53:43AM -0500, Kent Hundley wrote:
I am trying to run an nmap SNMP scan to do the following:

1) scan a range of IPs and tell me if the device responds to any of
a list of supplied SNMP community strings
2) report which of the available community strings the device responded to

I have read the online docs and tried using the syntax of the
provided examples but I cannot seem to get nmap to report which of
an available list of snmp strings a device is using. It reports that
SNMP is open, but it never tells me which snmp string is in use. Is
this possible with nmap and can someone give me an example of the
syntax required if it is?

It sounds like what you want is the snmp-brute script:


A usage example is:

nmap -sU -p161 --script snmp-brute --script-args snmplist=community.lst <target>

community.lst is a file containing the community names you want to try.
You can leave that argument off to use the default list.

David Fifield

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
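
An added example, not from this thread and not Nmap's own code: an SNMPv1 agent echoes the community string in its GetResponse and silently discards requests whose community does not match, so the port state alone cannot say which string is in use. The sketch below encodes a sysDescr GetRequest per candidate and maps a reply back to the string that was accepted; all function names, the candidate strings and the sample reply are constructed for illustration.

```python
# Added example: minimal SNMPv1 codec (short-form BER lengths only, values < 128 bytes).
SYS_DESCR_OID = bytes([0x2B, 6, 1, 2, 1, 1, 1, 0])  # 1.3.6.1.2.1.1.1.0

def tlv(tag, value):
    if len(value) > 127:
        raise ValueError("long-form BER length not handled here")
    return bytes([tag, len(value)]) + value

def ber_int(n):
    # Minimal two's-complement encoding for a non-negative integer
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def build_message(community, request_id, pdu_tag=0xA0, value=tlv(0x05, b"")):
    """pdu_tag 0xA0 = GetRequest, 0xA2 = GetResponse; value defaults to NULL."""
    varbinds = tlv(0x30, tlv(0x30, tlv(0x06, SYS_DESCR_OID) + value))
    pdu = tlv(pdu_tag, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(0x30, ber_int(0) + tlv(0x04, community.encode()) + pdu)

def read_tlv(buf, pos):
    tag, length = buf[pos], buf[pos + 1]
    end = pos + 2 + length
    if length > 127 or end > len(buf):
        raise ValueError("unsupported or truncated TLV")
    return tag, buf[pos + 2:end], end

def parse_response(datagram):
    """Return (community, request_id, error_status) for a GetResponse, else None."""
    try:
        tag, body, _ = read_tlv(datagram, 0)
        _, _version, pos = read_tlv(body, 0)
        ctag, community, pos = read_tlv(body, pos)
        ptag, pdu, _ = read_tlv(body, pos)
        if (tag, ctag, ptag) != (0x30, 0x04, 0xA2):
            return None
        _, rid, pos = read_tlv(pdu, 0)
        _, err, _ = read_tlv(pdu, pos)
        return community.decode(), int.from_bytes(rid, "big"), int.from_bytes(err, "big")
    except (ValueError, IndexError):
        return None

def accepted_community(sent, datagram):
    """sent maps request-id -> community tried; return the one the agent answered."""
    parsed = parse_response(datagram)
    if parsed is None or sent.get(parsed[1]) != parsed[0]:
        return None
    return parsed[0]

# Constructed data: three candidate strings and a reply to the second request.
SENT = {1: "public", 2: "netops-ro", 3: "private"}
REQUESTS = {rid: build_message(c, rid) for rid, c in SENT.items()}
SAMPLE_REPLY = build_message("netops-ro", 2, 0xA2, tlv(0x04, b"Constructed Router"))
print(accepted_community(SENT, SAMPLE_REPLY))
```
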
